diff options
| -rw-r--r-- | src/cryptography/x509.py | 4 | ||||
| -rw-r--r-- | tests/test_x509.py | 14 |
2 files changed, 18 insertions, 0 deletions
diff --git a/src/cryptography/x509.py b/src/cryptography/x509.py index 21e18ddd..24d501e5 100644 --- a/src/cryptography/x509.py +++ b/src/cryptography/x509.py @@ -1468,6 +1468,10 @@ class CertificateSigningRequestBuilder(object): """ if isinstance(extension, BasicConstraints): extension = Extension(OID_BASIC_CONSTRAINTS, critical, extension) + elif isinstance(extension, SubjectAlternativeName): + extension = Extension( + OID_SUBJECT_ALTERNATIVE_NAME, critical, extension + ) else: raise NotImplementedError('Unsupported X.509 extension.') # TODO: This is quadratic in the number of extensions diff --git a/tests/test_x509.py b/tests/test_x509.py index 99551eb2..53052196 100644 --- a/tests/test_x509.py +++ b/tests/test_x509.py @@ -856,6 +856,20 @@ class TestCertificateSigningRequestBuilder(object): critical=False, ) + def test_add_unsupported_extension_in_backend(self, backend): + private_key = RSA_KEY_2048.private_key(backend) + builder = x509.CertificateSigningRequestBuilder() + builder = builder.subject_name( + x509.Name([ + x509.NameAttribute(x509.OID_COUNTRY_NAME, u'US'), + ]) + ).add_extension( + x509.SubjectAlternativeName([x509.DNSName(u"cryptography.io")]), + critical=False, + ) + with pytest.raises(NotImplementedError): + builder.sign(backend, private_key, hashes.SHA256()) + def test_set_subject_twice(self): builder = x509.CertificateSigningRequestBuilder() builder = builder.subject_name( |